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COMPUTER NETWORK SECURITY SYSTEM EMPLOYING PORTABLE 

STORAGE DEVICE 

BACKGROUND AND SUMMARY OF THE INVENTION 

[0001] The present Invention relates generally to computer network 
security systems. More particularly, the invention relates to a security system 
that allows secure access by a remote authenticated user via a remote client that 
utilizes a portable storage device containing user-generated one-time passwords. 

[0002] With the proliferation of computer network-propagated viruses 
and worms, and with the increasing frequency at which computer networks are 
being broken into, there is considerable interest today in computer security. 
Sophisticated network administrators construct secure firewalls to prevent such 
attacks. Less sophisticated system administrators, including most home network 
computer users, employ security measures that are far less robust. At present, 
many home computer networks are simply unprotected. Computer network 
security is a complex issue, and many home network users simply do not have 
the skill or training to ensure that their networks are free from attack. 

[0003] The present invention provides a network security solution that 
is both highly secure and easy to use. The invention is thus ideal for home 
network security applications, where the network "administrator" may not 
necessarily have a great deal of training or experience in security issues. 

[0004] The invention employs a portable storage device that maintains 
a set of one-time passwords. Using system software from a secure vantage 
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point within the home network, the user generates a set of one-time passwords 
that are stored on the portable storage device. The portable storage device may 
then be installed in or connected to any remote client computer, giving that 
remote client computer the ability to establish and authenticate a secure 
connection with the home network. Each password is used only once, and 
session management software within the home network has the ability to limit a 
session to a predetermined length of time (e.g., 30 minutes). Although 
communication between home network and remote client is preferably over a 
secure channel, communication of the one-time password over this channel is is 
further protected by using an encrypted version of the user's PIN number. The 
PIN number is encrypted at the remote client using a plug-in module that 
accesses a protected area within the portable storage device to retrieve the key 
used for this encryption. 

[0005] The preferred embodiment takes the form of a home gateway 
that includes a firewall which functions as a screening router. The screening 
router screens out all requests to access content on the home network. All URLs 
associated with the home network are unreachable directly from the outside, and 
are thus maintained as protected URLs. The remote client, even after 
authentication, cannot issue URLs for the home network directly. Rather, upon 
authentication, a web proxy system is employed to communicate with the home 
network on behalf of the authenticated remote client. The proxy system works in 
conjunction with URL modification and URL verification processes. The URL 
verification process verifies the authenticity of the client, while the URL 
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modification process gives the web proxy system tlie correct reference for the 
trusted domain resource. The URL modification process is unique for each 
authenticated client and for each authenticated session. Thus URLs that have 
been modified for a given authenticated client and for a given session cannot be 
re-used by other clients, or even for the same client during a later session. 

[0006] In the preferred embodiment the authentication function is 
performed by a bastion host system forming part of the home gateway. The 
bastion host has software to perform the remote key authentication process by 
which the remote client authenticates itself using the one-time password obtained 
from the portable storage device. The bastion host also performs the URL 
verification and modification functions mentioned above. 

[0007] The invention thus affords a high level of security in an easy-to- 
administer package. Everything a user needs to gain access to the home 
network from a remote client computer (except for knowledge of the user's 
personal identification number) is stored on the portable storage device. In a 
presently preferred embodiment the storage device also includes suitable 
browser plug-in software that supplies a remote client computer's browser with 
the capability of performing the authentication process, including the process of 
accessing and using the appropriate one-time password. 

[0008] Unlike other security systems that rely on a trusted third party 
source for key distribution, the invention allows the user to create his or her own 
keys by operating configuration software at the trusted home network site. The 
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user thus configures the portable storage device, supplying it with a set of one- 
time passwords using the configuration software. 

[0009] The configuration software also installs a corresponding set of 
authentication codes in a secure database associated with the gateway. In this 
way, both the gateway and the portable storage device are provided with the 
corresponding keys needed to perform authentication. This solves the problem 
of how to securely distribute keys to a remote client, so that the remote client can 
then gain access to the home network. 

[0010] For a more complete understanding of the invention, its objects 
and advantages, refer to the following specification and to the accompanying 
drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0011] The present invention will become more fully understood from 
the detailed description and the accompanying drawings, wherein: 

[0012] Figure 1 is a system block diagram giving an overview of a 
presently preferred embodiment; 

[0013] Figure 2 is a block diagram of the system of Figure 1, showing 
the basic structure of the presently preferred gateway; 

[0014] Figure 3 is a data flow diagram useful in understanding the 
operation of the gateway illustrated in Figure 2; 

[0015] Figure 4 is a block diagram of the gateway of Figure 2, 
illustrating the authentication and proxy modules in greater detail; 
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[0016] Figure 5 is block diagram of the gateway of Figure 2, illustrating 
the one time password authentication mechanism; 

[0017] Figure 6 is a block diagram giving a more detailed view of the 
presently preferred authentication process; 

[0018] Figure 7 is a data flow diagram useful in understanding the 
presently preferred authentication process; 

[0019] Figure 8 is a sequence diagram further illustrating the 
authentication process; 

[0020] Figure 9 is a block diagram of the gateway of Figure 2, 
illustrating the web proxy function of the preferred embodiment; 

[0021] Figure 10 is a block diagram of components of the web proxy 
module, illustrating the uniform resource locator (URL) verification and 
modification functions; 

[0022] Figure 11 illustrates the presently preferred process for 
initializing or configuring the portable storage device; 

[0023] Figure 12 is a block diagram giving a more detailed view of the 
manner of utilizing the client browser plug-in for authentication. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 
[0024] The following description of the preferred embodiment(s) is 

merely exemplary in nature and is in no way intended to limit the invention, its 

application, or uses. 
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[0025] An exemplary implementation of the secure network access 
architecture is illustrated in Figure 1 . The remote client 20 communicates with 
the home network 22 via a hostile network, such as the Internet 24. The home 
network 22 can be as simple as a single computer or as complex as a full scale 
local area network. Because the invention is particularly well suited for use by 
unsophisticated users, the home network illustrated in Figure 1 comprises a fairly 
simple local area network including a server 26, a printer 28 and a pair of 
desktop or laptop computers 30. While a simple home network has been 
illustrated here, it will be appreciated that the principles of the invention can 
readily be extended to larger networks such as those found in offices, public 
agencies, universities and the like. 

[0026] From a security standpoint, the home network 22 is a trusted 
network. In contrast, the internet 24 is a hostile network. The system operator of 
the home network has the ability to configure the home network so that only 
authorized users can access it and use its services. The home administrator 
does not have similar control over the internet 24. Therefore, to separate the 
trusted side from the hostile side, the present invention employs a gateway 
device 32. The details of the gateway device will be described more fully below. 
Essentially, the gateway functions as a gatekeeper, blocking ail unauthorized 
access to the home network. The gateway device is also responsible for 
mediating the authentication process by which the remote client 20 authenticates 
itself so that it can gain access to the server 26 on the home network 22. 
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[0027] A key component of the authentication mechanism of the 
invention is a portable storage device 34. Two such devices are shown in Figure 
1 , one being configured at A and one being used by the remote client at B. The 
gateway device includes a suitable memory recording apparatus 36 to initialize 
and configure the portable storage device. The portable storage device 34 can 
take a variety of forms, including CD ROM, DVD, CD-R. DVD-RAM, flash 
memory, and other hard disk-based media or solid state memories. A CD ROM 
embodiment has been illustrated in Figure 1 

[0028] According to one aspect of the Invention, any portable storage 
device can act as a remote key storage mechanism. However, in the presently 
preferred embodiment, an additional level of protection is provided by including 
within the portable storage device a secure protected area. The details of this 
protected area will be discussed more fully below. 

[0029] The portable storage device 34 functions as a secure key 
distribution mechanism. The user initializes and configures the portable storage 
device within the perimeter of the home network. More specifically, in the 
preferred embodiment the user accomplishes this using a secure interface to the 
portable storage device, defined within the gateway, and using secure software 
modules running on the gateway in a tightly controlled, secure fashion. In the 
preferred embodiment, the gateway includes a secure database in which the 
keys are also stored. This database is likewise a tightly controlled, secure entity 
that may be accessed only be secure software modules running on the gateway. 
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[0030] In the future, if secure components are developed to maintain 
interface and software module security across a distributed environment, the 
portable storage device initialization and configuration functions, and the secure 
database maintenance functions, may be implemented using computer systems 
within the trusted domain, other than the gateway. 

[0031] After initialization, the portable storage device may then be 
taken by the user to any computer anywhere in the world. By installing the 
portable storage device in that computer (such as in the remote client 20) the 
computer is rendered capable of authenticating itself for communication with the 
home network 22. In the presently preferred embodiment the portable storage 
device is provided with the one-time passwords during the initialization. 
Thereafter, during uses a plug-in program accesses theses one-time passwords 
as will be more fully explained. The plug-in program may be a program module or 
applet suitable for use by the web browser software already resident on the 
remote client 20. The plug-in software enables the remote client to participate in 
the exchange of messages needed for authentication. The preferred 
embodiment uses the secure sockets layer (SSL) to establish a secure pipeline 
38 through the internet 24. 

[0032] Referring to Figure 2, the gateway device 32 implements a 
firewall 40 that employs a packet filtering screening router 42. This router is 
configured to prohibit all remote clients from accessing any host on the home 
network 22 directly. The screening router in turn communicates with a bastion 
host 44 which performs the remote key authentication functions 46 and the web 
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proxy functions 48, as will be more fully discussed below. Essentially, the 
bastion host 44 requires authentication, using the appropriate one-time password 
obtained from the portable storage device. To ultimately obtain infonnation 
through the firewall, the remote client must successfully participate in the remote 
key based authentication process shown diagrammatically at 21 . 

[0033] Once authentication has been successfully completed, the 
bastion host performs URL address translation and client verification services as 
part of the web proxy functions 48. Specifically, URLs arriving from the remote 
client are verified as coming from the authenticated client, and then modified 
specifically for that client. The web proxy system consults active state 
middleware (ASSM 72, Fig. 4) to determine if there is an active state for that 
authorized client. If so, the web proxy system accesses the trusted home network 
on behalf of the remote client. Notably, the address translation function is specific 
for each client. Re-use of URLs is prohibited, thus thwarting a system attack 
where URLs for an authenticated client are intercepted and reused by an 
impostor. Further details of this process are described below in connection with 
Figure 9. 

[0034] To better envision how a remote client is able to gain access to 
information stored on the home network, refer to Figure 3. Figure 3 presents a 
data flow diagram illustrating how the access to information on the home network 
is effected. The remote client establishes a secure channel 50, such as an SSL 
connection over the internet. The screening router 42 serves as a firewall that 
always blocks URLs associated with the home network as depicted at 52. The 
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screening router 42 does allow certain communications to pass through the 
firewall, namely those needed for authentication and subsequent communication 
using the web proxy functions. Thus the screening router communicates with the 
bastion host 44, first, for session management and authentication, and second, 
for web proxy services after authentication. 

[0035] The bastion host includes a session manager that requires 
authentication using a one-time password. For added security, the session 
manager also controls the length of the session, by terminating the session after 
a predetermined time (e.g., 30 minutes). These control functions are illustrated 
at 54. The session manager performs the authentication function by interaction 
with the plug-in software within the portable storage device as depicted at 56.. 

[0036] The portable storage device is provided with one-time 
passwords as part of the user configuration depicted at 58. Specifically, the 
gateway generates random numbers and random keys which are then 
personalized for a specific user, using the user's PIN. The PIN thus becomes a 
factor in the encryption equation. Specifically, the PIN is exclusive-ORed (XOR) 
with the key Kj. To prevent discovery of the user's PIN through brute force attack, 
the preferred embodiment uses an encrypted version of the user's PIN as one of 
the factors needed to generate the one-time password. The value used to 
encrypt the user-supplied PIN is a special symmetric key Ks. Ks is generated by 
the gateway and stored in a protected area within the portable storage device. 
Only a properly authenticated storage device, and a properly authenticated user 
of the portable storage device can access the protected area to retrieve Kg. 
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[0037] Specifically, the portable storage device must be authenticated 
by the reading device into which it is installed, inserted or attached, and the user 
must be authenticated by supplying the PIN— after being prompted by the plug-in 
module to enter it. 

[0038] Once the session manager establishes an authenticated 
session, the requests for URL access are processed by URL verification and 
modification functions used in conjunction with the web proxy functions depicted 
at 60. The web proxy then communicates with the trusted home network, to 
obtain information or resources on behalf of the remote client, using the modified 
URLs, as verified and customized for the particular authenticated client. 

[0039] The details of the gateway's proxying and client authentication 
module's interaction are shown in Figure 4. In the presently preferred 
embodiment, the gateway 32 is the only machine with a valid certificate and the 
only host equipped with the SSL web proxy server 48. This SSL proxy server is 
the only entity used in all remote client accesses of the home content. The 
packet filtering policies deployed at the screening router are configured 
appropriately: only the https traffic directed at the web proxy is passed by a 
packet filter, all other traffic is rejected. 

[0040] The process begins with the remote client 20 issuing the direct 
https URL request to a gateway. This request includes a User ID. At this point 
the remote client and gateway's remote key authentication module 70 take part in 
the authentication process based on use of a one-time password. The details of 
this authentication will be discussed in detail below. 
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[0041] Successful authentication creates a "client-gateway session 
state" (CGSS) in the active session management middleware (ASMM) 72 of the 
gateway. At the beginning of each session, a session duration timer associated 
with ASMM 72 is reset to zero (e.g., not to exceed W = 30 minutes). The ASMM 
72 then retrieves the user-specific parameters from a secure user database 73. 
This secure user database is secretly populated with information about the one- 
time passwords when the user configures the portable storage device (as at 58 in 
Fig. 3). This secret information and other CGSS parameters are used during the 
authentication and URL validation processes. 

[0042] Specifically, after authentication ASMM 72 instructs the SSL 
web proxy components of the web proxy server 48 to do the appropriate web 
proxying combined with URL validation as at 74 and to perform the bi-directional 
URL modification processes as at 76. Those processes are described more fully 
below in connection with Figure 10. 

[0043] After the expiration of a user session (suggested 30 minutes), 
the web proxy system sends a custom page (from the templates page database 
78) to the remote client, indicating that a new portable storage device-based 
authentication must take place. The remote user is also able to explicitly tear 
down the client-gateway session (CGSS), by issuing a request of the type: 

https://gw_host/?UserlD=db&TearDown=on 
The ASMM 72 then tears down the client-gateway session state (CGSS) and 
instructs the web proxy system not to resume the "old" SSL session. A full SSL 
handshake has to be performed again by the client and the proxy to establish the 
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new SSL session, perform the full round of portable storage device-based 
authentication, and create the new CGSS. It is important to note that once the 
CGSS is torn down, no proxying of the web content may occur In response to an 
"outside" request, since the requested URLs would fail their authenticated 
validations. 

[0044] In the preferred embodiment, the gateway 32, with the proxy 
service running on it, Is the only host which needs a valid IP address. The rest of 
home hosts may obtain their IP addresses from the internally managed address 
pool, using such mechanisms as DHCP and network address translation (NAT). 

[0045] With the overall architecture of the presently preferred 
embodiment in mind, details of the preferred remote key authentication process 
will now be described with reference to Figures 5-8. Referring to Figure 5, 
authentication is mediated by the remote key authentication module 46. The 
presently preferred embodiment uses at least 128 bit-strength ciphers, meaning 
that all session keys (Ki, Kg) should be at least 128 bits long. Prior to use, keys 
are generated by a key management system detailed below In connection with 
Figure 1 1 . 

[0046] In the preferred embodiment we require a "true" random number 
generator for generation of random cryptographic parameters. Many of the 
security aspects of the proposed system depend on random sequences used as 
one-time passwords and keys for their encryption. Such generator could take 
into account, for example, external temperatures. Information about networking 
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connections and many other external sources, and combine these together using 
some strong hashing functions (e.g., MD5). 

[0047] The portable storage device-based authentication process is 
shown in Fig. 6. During the remote key's initialization stage, the "future" remote 
user must be physically proximate to the home gateway. The user must insert 
the key card (or CD media) into the gateway for the initialization procedure and 
subsequent transfer of one-time passwords to the key card. Remote key card 
initialization process is depicted in Fig. 11 and is described in detail below. 
During this initialization stage, the gateway simply generates a set number (e.g., 
N=100) of random passwords (Si), encrypts those with random keys (Ki) and 
makes them dependent on the user's knowledge of the 4-digit PIN (which Is then 
protected by a symmetric key (Ks) stored in the protected area). These 
encrypted passwords (Ei) are then stored in the portable storage device that can 
be taken by the remote client on a trip. Passwords (SO and corresponding keys 
(Ki) are also stored in the gateway's secure database for access by the remote 
key authentication module 70 (Fig. 4). 

[0048] Referring to Figure 6, The authentication process then proceeds 
according to the steps enumerated as follows: 

Step (1) Remote client submits its user ID to the gateway inside https 
request. 

Step (2) In this step gateway sends the counter's value (i) to the remote 
client along with the value of secret corresponding key (Ki). 
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The gateway keeps the counter (i) indexing the number of successful user 
authentications. If N=100, the counter goes from 100 down to 1. When the 
counter reaches 0, no more authentications are allowed for a given user ID 
without re-initializing the key card. 

Step (3) Client browser Plugin software decrypts the one time password 
(Ei) according to the expression: SFDKi®Eks(PiN)(Ei). Plugin sends Si to the 
gateway's Key Card Authentication module. 

[0049] At this point the remote key authentication module 70 (Fig 4) 
compares the value Si received from the client with the one stored in its secure 
database 73 (Fig. 4). If they match, the ASMM 72 decrements the value of the 
usage counter (1) and establishes CGSS inside the gateway's ASMM 72 (Fig. 4). 

[0050] A denial of service (DOS) attack would occur if an intruder were 
able to use up all the password space by simply submitting the User ID to the 
gateway multiple times. To prevent this the preferred embodiment decrements 
the counter only after a successful user authentication. In addition, we suggest a 
time window (W), within which a maximum of three authentication attempts is 
permitted. If the number of unsuccessful attempts reaches three, no further 
authentication attempts for a given user are permitted within this current W. The 
proposed length for the window W is 5 minutes. 

[0051] For a more complete understanding of the authentication 
process, refer now to Figures 7 and 8. Figure 7 illustrates the processing 
performed at the remote client once the appropriate information has been 
received from the gateway. Figure 8 illustrates the same process at a somewhat 
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higher level, showing the exchange of messages that are passed among the 
various entities that participate in the authentication process. 

[0052] Communication between the remote client and the gateway 
begins with the remote client accessing a log-in page generated or served from 
pages stored in the template page database. This invokes the plug-in module, 
which then prompts the user to supply his or her log-in name or user ID. The 
user then enters his or her user ID, and this information is sent to the gateway 
where the ID is checked by the ASSM middleware and where the secure 
database is accessed to retrieve the values of I and Kj that are appropriate for 
that user. Once these values are retrieved, the authentication process is ready to 
begin. 

[0053] The authentication process begins with the gateway 
communicating the index number i and the key value Kj to the remote client, 
which is operating using the plug-in module. In Figures 7 and 8 this first 
exchange of information (i, Kj) is illustrated at 200. The plug-in module uses the 
index value i to index into the table of one-time passwords, Ei...Ei. Note that 
these are encrypted passwords. In Figure 7 encrypted password Ej is retrieved 
by the plug-in module at 202. 

[0054] Meanwhile, the plug-in module prompts the user to enter his or 
her secret PIN number as at 204. The user then enters the secret PIN at 206. In 
the preferred embodiment, the user's PIN is not used in its plaintext form. 
Instead, the PIN is encrypted and the encrypted PIN is then used as one factor in 
generating the key needed to unlock the encrypted one-time password. As 
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shown at 208, the user's PIN is encrypted using the value Ks which is stored in 
the protected area within the portable storage device. Access to the protected 
area is gained only upon authentication of the portable storage device. 

[00551 The plug-in module retrieves the encrypted session key Ks at 
210 and then uses it at 208 to encrypt the user-supplied PIN. At this stage in the 
process the plug-in module thus has the three pieces of information it needs to 
generate the one-time password, namely Ks, Ej and Kj.. The index value i is used 
to retrieve a selected one of the encrypted one-time passwords Ei at 202. The 
encrypted PIN Eks. is combined through an exclusive-OR (XOR) operation with 
the value Ki and the result is used along to decrypt the encrypted one-time 
password Ei. The decryption process is shown in Figure 7 at 214. The decryption 
process generates a single one-time password Si, shown in Figure 7 at 216. 
This one-time password is then sent back to the gateway at 218. The gateway is 
then able to compare the one-time password with the stored one-time passwords 
within its secure database (secure database 73 of Fig. 4) to verify that the remote 
client is or is not authorized to proceed with secure communication. 

[0056] As previously noted, all direct communication with the secure 
trusted network is blocked by the screening router 40. Only the proxy system 
has access to the trusted network, and it will obtain information and services on 
behalf of a remote client, only after proper authentication has occurred. In 
performing its task, the proxy system uses the URL validation and URL 
modification services. The details of these validation and modification services 
are shown in Figures 9 and 10. 
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[0057] Despite the fact that the communication between the remote 
client and the home host is protected by the SSL-based encryption, we propose 
to further strengthen security in a way that guarantees that only the properly 
authenticated client could be the party capable of issuing a valid URL. This 
approach will "bullet proof all URLs, even if the SSL channel is compromised by 
an intruder. 

[0058] As each web page passes through a web proxy toward the 
remote client, each internal to the home site URL href reference is rewritten by 
the URL modification module 90 Fig. 10 in a fashion shown below: 
https://gateway_host/home_host/MSB/64{MD5i28((0riginal_URL|| 
UserJD)®Si}/OriginaLURL/?UserlD=db, where Si = DKieEks(piN)(Ei) 
[0059] This reference then becomes the URL, which the remote client 
receives and subsequently would issue within its requests to the web proxy 
server. The overall process is shown in Fig. 10. When the modified URL arrives 
from the remote client to the gateway, the URL verification (validation) module 92 
verifies its authenticity. The URL modification module then translates the URL 
into its regular form: 

http://home_host/Original_URL 
This then becomes the request that the web proxy issues over trusted home 
network. Note that the URL modification process is bi-directional. Incoming URLs 
from the remote client are modified specifically for that client (upon 
authentication). Similarly, outgoing URLs sent to the remote client are also 
modified using the same modification rules. 
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[0060] Given that Si is only valid for a given remote client session (W = 
30 minutes), even if the underlying SSL connection is compromised, URLs 
obtained by the Intruder are worthless for referencing within any future sessions. 

[0061] The portable storage device by which one-time passwords are 
securely distributed to a remote client forms an important part of the network 
security system. As noted above, the system Is designed to allow the user to 
conveniently configure his or her own portable storage device, using initialization 
and configuration software deployed at the gateway. The details by which the 
portable storage devices is configured will now be described in connection with 
Figure 1 1 . 

[0062] Before the user can login from the remote location, he or she 
needs to initialize the portable storage device (remote key) by inserting it into a 
slot of the recording apparatus 36 on gateway 32. In case the CD/DVD media is 
being used as a portable storage, gateway device must be equipped with 
CD/DVD writer, capable of storing information into "user" and "protected" areas 
on the portable media. The process is shown in Fig. 11. The remote key 
management module 70 (Fig. 4) performs the remote key initialization process. 

[0063] During each portable storage device initialization process, the 
gateway (Fig. 11, step (1)) generates a set number (N) of user one-time 
passwords (Si). These are simply the random numbers obtained from the 
random number generator. In addition, the gateway generates N random keys 
(Ki) and forms pair associations between each one-time password and each key 
(Fig. 11. step (2)). 
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[0064] In step (3), the gateway's remote key management module 
obtains User PIN from the authentication plug-in software at the user side, 
generates random Ks (step (4)), authenticates the key card and stores Ks within 
the protected area of the portable storage device (step (5)). 

[0065] In step (6) the gateway's remote key management module 75 
(Fig. 5) computes the value of Ei = Eki®Eks(PiN(Si) for each pair association (Si , Kj). 
These values are then stored in the user data area of the portable storage device 
in step (7). 

[0066] Finally, user's ID, user's PIN, Ks and OTP key-password pairs 
(Si , Ki) are stored in the secure database (73) Fig. 4 for future reference by the 
Remote Key Authentication 70 and ASMM 72 modules (see Fig. 4). If any of the 
above steps fails, for any reason, the overall portable storage device initialization 
process must fail. 

[0067] Once the portable storage device has been initialized with keys, 
the user can take it to any suitably equipped computer, anywhere in the world, 
and engage in secure client-server communication with the gateway. In the 
presently preferred embodiment, the remote client computer uploads or installs a 
plug-in software module (carried by the portable storage device, for example). 
The plug-in software module configures the client computer to participate in the 
exchange of messages needed to effect authentication. The plug-in software 
module also allows the remote client computer to generate the appropriate one- 
time password by selecting and decrypting one of the passwords stored on the 
portable storage device using a key generated using information from the 
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gateway and the user's PIN. In the preferred embodiment an encrypted version 
of the user's PIN is used to generate the key needed to decrypt the selected one 
time password. The user's PIN, supplied as plaintext by the user, is encrypted 
using a session key stored In the protected area within the portable storage 
device. Basing the authentication on an encrypted PIN makes the preferred 
embodiment more secure, by reducing system vulnerability to a brute force 
attack upon information communicated over the secure SSL channel. 

[0068] The preferred embodiment is designed to prevent any 
modifications to the remote client's Web browser. However, in order for a client 
to perform the portable storage device-based authentication process described 
earlier, the browser would require the help from a plug-in module, capable of 
accessing the portable storage device and performing some auxiliary 
cryptographic computations. Fig. 12 shows the browser-Plugin-gateway 
interaction in detail. 

[0069] In Fig. 12, step (1) the remote client submits the query to the 
gateway, Indicating its need to establish the SSL session for a subsequent OTP 
exchange and including the client's User ID. 

https://gw_host/?UserlD=user_name 

[0070] In step (2), the remote key authentication module 70 Fig. 4 
responds with the page containing the <OBJECT> tag, indicating the Plugin's 
name and the values of (i) and (KO, passed as plugin's parameter strings. At this 
point the Plugin "pops up" a user widget, asking the client for his or her PIN. It 
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then accesses the values of Ej and Ks from the protected area of the portable 
storage device, computes the value of the one-time password: 

Si = DKi®Elcs(PIN)(E|) 

This value is send back to the remote key authentication module via the same 
SSL channel in step (3): 

https://gw_host/?UserlD=db&Si=1 23456789ABCDEF0FEDCBA987654321 0. 

[0071] Preferably, the plug-in module should be signed by the 
manufacturer of the gateway, and be tamper-resistant. Use of cookies is also 
possible. The cookie, for example, may be modified by the client's helper 
application, which participates in the user authentication. 

[00721 From the foregoing, it will be appreciated that the invention 
provides a user-friendly, convenient and yet highly secure system for effecting 
secure communication with a computer system or computer network. The 
description of the invention is merely exemplary in nature and, thus, variations 
that do not depart from the gist of the invention are intended to be within the 
scope of the invention. Such variations are not to be regarded as a departure 
from the spirit and scope of the invention. 



22 



